Management port on ASA

Unanswered Question
Mar 4th, 2009

I have the mgmt0/0 port set up on my ASA for management-only. (ip address All works fine if I connect to it from a PC on range. If I try to connect from a PC outside this range I cannot connect. The ASA tries to send the return traffic to my remote PC via the inside interface as this is where the route is. And since this return packet is for an established connection that did not come in on the inside interface, I presume the ASA drops it. If this port is acting like a host device, should there not be a default route command specific to that interface?

Ivan Martinon Wed, 03/04/2009 - 11:07

If your management port has the "management only" keyword, traffic will not be treated as normal traffic, hence not forwarded accordingly.

p21 Wed, 03/04/2009 - 15:24

I have the management-only command on the interface, so maybe the traffic does not try to go back via the "inside" interface, but how should it get back to a host that is not on the 192.168.1.X/25 subnet? In this case my management PC is on a 10.1.0.X address and this subnet is the other side of a router to the 192.168.1.X/24 subnet. I cannot connect to my management address once I am off the 192.168.1.X subnet. Is there not a default gateway command specific to the management interface so it is treated like an independent host on the LAN, i.e. nothing to do with the internal routing of the ASA?

maldavis3697 Thu, 03/19/2009 - 14:38

I am having the exact same problem with an ASA we are deploying on the network tonight...did you ever figure out how to get around the issue?


p21 Thu, 03/19/2009 - 17:37

All I have figured out so far is that it seems to work fine if you are using NAT, i.e. the management traffic will return via the mgmt interface and the internet will return via the inside interface. The problem is I am not using NAT on my ASA and I think that is the problem. No connection tracking or something like that.

